CLAIMS 

What is claimed is: 



1 1 . A system comprising: 

2 one or more processors; and 

3 memory coupled to the processor, the memory containing one or more sequences 

4 of instructions for establishing sessions between a client and a server over 

5 a communications network, wherein execution of the one or more 

6 sequences of instructions by the one or more processors causes the 

7 processors to perform: 

8 receiving a first request to establish a first session between a client and a 

9 first server, wherein the request includes user identification 

10 information; 

1 1 determining, based on the user identification information, whether the first 

12 session between the client and the first server should be 

13 established, and if so, 

14 authorizing the first session between the client and the first server, 

15 and 

16 causing the user identification information to be stored in a cache; 

17 and 

,18 authorizing a second session between the client and the first server in 

19 response to a second request for the second session, based on the 

20 user identification information from the first request that is stored 

21 in the cache. 
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1 2. The system as recited in claim 1, wherein the user identification information 

2 includes a username and a one-time password (OTP), and wherein authorizing a 

3 second session comprises determining whether the OTP is valid at the time that 

4 the second request is received. 

1 3. The system as recited in claim 2, wherein authorizing a second session comprises 

2 determining whether the username and the OTP are in the cache, and if the 

3 username and the OTP are not in the cache, generating a request that can be sent 

4 to a password server to determine whether the OTP is currently valid. 

1 4. The system as recited in claim 2, wherein authorizing a second session comprises 

2 determining whether the username and the OTP are in the cache, and if the 

3 username and the OTP are not in the cache, determining whether the username 

4 and the OTP are still valid. 

1 5. The system as recited in claim 4, wherein determining whether the username and 

2 the OTP are still valid comprises: 

3 creating and storing a cached time value for the username and the OTP that 

4 indicates how long the username and the OTP have been stored in the 

5 cache; and 

6 comparing the cached time value with an expiration time-out value to determine 

7 whether the username and OTP are still valid. 

1 6. The system as recited in claim 4, wherein the step of determining whether the 

2 username and the OTP are still valid comprises determining whether an active 
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3 session currently exists between the client and the first server at the time of the 

4 second request. 

1 7. The system as recited in claim 1 , wherein the user identification information 

2 includes a username and a one-time password (OTP), and wherein authorizing the 

3 second session comprises: 

4 generating instructions to a second server for determining whether the username 

5 and OTP are currently in a second cache of the second server; and 

6 generating a request to a password server to authenticate the OTP; and 

7 generating instructions to the second server for caching the username and the OTP 

8 in memory at the second server. 

1 8. The system as recited in claim 1, wherein authorizing a second session comprises: 

2 receiving the second request from the first server, wherein the second request 

3 includes user identification information that contains a username and a 

4 second one-time password (OTP); 

5 determining whether the username and the second OTP correspond to user 

6 identification information stored in the cache, and if so, authorizing the 

7 second session between the client and the first server. 

1 9. The system as recited in claim 1, wherein receiving a first request to establish a 

2 first session between the client and the first server comprises receiving a first 

3 request in a Challenge Handshake Authentication Protocol, and wherein the 

4 sequences of instructions cause the one or more processors to perform: 
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5 validating the client using the Challenge Handshake Authentication Protocol 

6 before authorizing the first session between the client and the first server. 

1 10. The system as recited in claim 1, wherein receiving a first request to establish a 

2 first session between the client and the first server comprises receiving the first 

3 request in a Password Authentication Protocol, and wherein the sequences of 

4 instructions cause the one or more processors to perform: 

5 validating the client using the Password Authentication Protocol before 

6 authorizing the first session between the client and the first server. 

1 11. The system as recited in claim 1, wherein receiving a second request to establish a 

2 second session between the client and the first server comprises receiving the 

3 second request in a Challenge Handshake Authentication Protocol, and wherein 

4 the sequences of instructions cause the one or more processors to perform: 

5 validating the client using the Challenge Handshake Authentication Protocol 

6 before authorizing the second session between the client and the first 

7 server. 

1 12. The system as recited in claim 1, wherein receiving a second request to establish a 

2 second session between the client and the first server comprises receiving the 

3 second request based a Password Authentication Protocol, and wherein the 

4 sequences of instructions cause the one or more processors to perform: 

5 validating the client using the Password Authentication Protocol before 

6 authorizing the second session between the client and the first server. 
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1 13. The system as recited in claim 1 , wherein receiving a first request comprises 

2 receiving a one-time password that is generated by a Token card. 

1 14. The system as recited in claim 13, wherein receiving a second request comprises 

2 receiving the same one-time password as received in the first request. 

1 15. The system as recited in claim 1, wherein the sequences of instructions cause the 

2 one or more processors to perform: 

3 establishing a first Point-to-Point (PPP) session between the client and the first 

4 server. 

1 16. The system as recited in claim 1, wherein the sequences of instructions cause the 

2 one or more processors to perform: 

3 establishing a first Serial Line Internet Protocol (SLIP) session between the client 

4 and the first server. 

1 17. The system as recited in claim 1, wherein the sequences of instructions cause the 

2 one or more processors to perform: 

3 establishing a first second Point-to-Point (PPP) session between the client and the 

4 first server. 

1 18. The system as recited in claim 1, wherein the sequences of instructions cause the 

2 one or more processors to perform: 

3 establishing a first second Serial Line Internet Protocol (SLIP) session between 

4 the client and the first server. 

1 19. The system as recited in claim 1 , 
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2 wherein the first request includes a first username and a first one-time password 

3 (OTP) and the second request includes a second username and a second 

4 one-time password (OTP); 

5 wherein storing the user identification information comprises storing the first 

6 username and the first OTP in a cache; and 

7 wherein authorizing the second session comprises determining that the second 

8 OTP corresponds to the first OTP that is in the cache. 

1 20. The system recited in claim 1, wherein the sequences of instructions cause the one 

2 or more processors to perform: 

3 identifying, based on a username from the user identification information, a set of 

4 access rights that is used by the first server in determining what may be 

5 performed by a user during the first session; and 

6 transmitting the set of access rights to the first server. 

1 21. A method comprising computer-implemented steps of: 

2 determining, based on user identification information that is included in a first 

3 request to establish a first session between a client and a first server, 

4 whether the first session between the client and the first server should be 

5 established, and if so, 

6 authorizing the first session between the client and the first server, and 

7 causing the user identification information to be stored in a cache; and 

8 authorizing a second session between the client and the first server in response to 

9 a second request for the second session, based on the user identification 
10 information from the first request that is stored in the cache. 
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1 22. The method recited in claim 2 1 , wherein the first server is a network access server 

2 and the steps of determining, authorizing the first session, causing, and 

3 authorizing the second session are performed by an Authorization, Authentication, 

4 and Accounting server. 

1 23. The method recited in claim 21, wherein the second request includes user 

2 identification information that contains a username and a second one-time 

3 password (OTP), and wherein authorizing a second session comprises: 

4 determining whether the username and the second OTP correspond to user 

5 identification information stored in the cache, and if so, authorizing the 

6 second session between the client and the first server. 

1 24. The method recited in claim 23, further comprising the computer-implemented 

2 step of receiving the second request from the first server. 

1 25. The method recited in 21, wherein the user identification information includes a 

2 username and a one-time password (OTP), and wherein authorizing a second 

3 session comprises determining whether the OTP is valid at the time that the 

4 second request is received. 

1 26. The method recited in claim 25, wherein authorizing a second session comprises 

2 determining whether the username and the OTP are in the cache, and if the 

3 username and the OTP are not in the cache, generating a request that can be sent 

4 to a password server to determine whether the OTP is currently valid. 
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1 27. The method recited in claim 2 1 , wherein the user identification information 

2 includes a username and a one-time password (OTP), and wherein authorizing the 

3 second session comprises: 

4 generating instructions to a second server for determining whether the username 

5 and OTP are currently in a second cache of the second server; and 

6 generating a request to a password server to authenticate the OTP; and 

7 generating instructions to the second server for caching the username and the OTP 

8 in memory at the second server. 

1 28. The method recited in claim 27, wherein the second server is an Authorization, 

2 Authentication, and Accounting server. 

1 29. The method recited in claim 2 1 , further comprising the computer-implemented 

2 steps of: 

3 identifying, based on a username from the user identification information, a set of 

4 access rights that is used by the first server in determining what may be 

5 performed by a user during the first session; and 

6 transmitting the set of access rights to the first server. 

1 30. A method comprising computer-implemented steps of: 

2 receiving at a first server a first request to establish a first session between a client 

3 and the first server, wherein the first request includes first user 

4 identification information; 

5 passing at least the first user identification information to a second server for use 

6 by the second server in determining whether the first session between the 

50325-0876 -39- 
(Seq. No. 8882) 



7 client and the first server should be established, and if so, authorizing the 

8 first session between the client and the first server, and for storing in a 

9 cache at the second server; 

10 receiving at the first server a second request to establish a second session between 

1 1 the client and the first server, wherein the second request includes second 

12 user identification information; 

13 passing at least the second user identification information to the second server for 

14 use by the second server in determining, based on the first user 

1 5 identification information that is stored in the cache and on the second 

16 user identification information, whether the second session between the 

17 client and the first server should be established, and if so, authorizing the 

1 8 second session between the client and the first server. 

1 31. A computer-readable medium carrying one or more sequences of instructions 

2 which, when executed by one or more processors, cause the one or more 

3 processors to perform at least the steps of: 

4 determining, based on user identification information that is included in a first 

5 request to establish a first session between a client and a first server, 

6 whether the first session between the client and the first server should be 

7 established, and if so, 

8 authorizing the first session between the client and the first server, and 

9 causing the user identification information to be stored in a cache; and 
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10 authorizing a second session between the client and the first server in response to 

1 1 a second request for the second session, based on the user identification 

12 information from the first request that is stored in the cache. 

1 32. A computer-readable medium carrying one or more sequences of instructions 

2 which, when executed by one or more processors, cause the one or more 

3 processors to at least the steps of: 

4 receiving at a first server a first request to establish a first session between a client 

5 and the first server, wherein the first request includes first user 

6 identification information; 

7 passing at least the first user identification information to a second server for use 

8 by the second server in determining whether the first session between the 

9 client and the first server should be established, and if so, authorizing the 

10 first session between the client and the first server, and for storing in a 

1 1 cache at the second server; 

12 receiving at the first server a second request to establish a second session between 

13 the client and the first server, wherein the second request includes second 

1 4 user identification information; 

1 5 passing at least the second user identification information to the second server for 

16 use by the second server in determining, based on the first user 

1 7 identification information that is stored in the cache and on the second 

1 8 user identification information, whether the second session between the 

19 client and the first server should be established, and if so, authorizing the 

20 second session between the client and the first server. 
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1 33. A system comprising: 

2 one or more processors; and 

3 memory coupled to the processor, the memory containing one or more sequences 

4 of instructions which, when executed by the one or more processors cause 

5 the processors to at least the steps of: 

6 determining, based on user identification information that is included in a 

7 first request to establish a first session between a client and a first 

8 server, whether the first session between the client and the first 

9 server should be established, and if so, 

10 authorizing the first session between the client and the first server, 

11 and 

12 causing the user identification information to be stored in a cache; 

13 and 

14 authorizing a second session between the client and the first server in 

15 response to a second request for the second session, based on the 

16 user identification information from the first request that is stored 

17 in the cache. 

1 34. The system recited in claim 33, wherein the first server is a network access server 

2 and the system comprises an Authorization, Authentication, and Accounting 

3 server. 
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1 35. The system recited in claim 33, wherein the second request includes user 

2 identification information that contains a username and a second one-time 

3 password (OTP), and wherein authorizing a second session comprises: 

4 determining whether the username and the second OTP correspond to user 

5 identification information stored in the cache, and if so, authorizing the 

6 second session between the client and the first server. 

1 36. The system recited in claim 35, wherein the instructions cause the one or more 

2 processors to perform at least the step of receiving the second request from the 

3 first server. 

1 37. The system recited in claim 33, wherein the user identification information 

2 includes a username and a one-time password (OTP), and wherein authorizing a 

3 second session comprises determining whether the OTP is valid at the time that 

4 the second request is received. 

1 38. The system recited in claim 37, wherein authorizing a second session comprises 

2 determining whether the username and the OTP are in the cache, and if the 

3 username and the OTP are not in the cache, generating a request that can be sent 

4 to a password server to determine whether the OTP is currently valid. 

1 39. The system recited in claim 33, wherein the user identification information 

2 includes a username and a one-time password (OTP), and wherein authorizing the 

3 second session comprises: 
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4 generating instructions to a second server for determining whether the username 

5 and OTP are currently in a second cache of the second server; and 

6 generating a request to a password server to authenticate the OTP; and 

7 generating instructions to the second server for caching the username and the OTP 

8 in memory at the second server. 

1 40. The system recited in claim 39, wherein the second server is an Authorization, 

2 Authentication, and Accounting server. 

1 41 . The system recited in claim 33, wherein the instructions cause the one or more 

2 processors to perform at least the steps of: 

3 identifying, based on a username from the user identification information, a set of 

4 access rights that is used by the first server in determining what may be 

5 performed by a user during the first session; and 

6 transmitting the set of access rights to the first server. 

1 42. A system comprising: 

2 one or more processors; and 

3 memory coupled to the processor, the memory containing one or more sequences 

4 of instructions which, when executed by the one or more processors cause 

5 the processors to at least the steps of: 

6 receiving at a first server a first request to establish a first session between 

7 a client and the first server, wherein the first request includes first 

8 user identification information; 
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9 passing at least the first user identification information to a second server 

10 for use by the second server in determining whether the first 

1 1 session between the client and the first server should be 

12 established, and if so, authorizing the first session between the 

13 client and the first server, and for storing in a cache at the second 

14 server; 

15 receiving at the first server a second request to establish a second session 

16 between the client and the first server, wherein the second request 

1 7 includes second user identification information; 

18 passing at least the second user identification information to the second 

19 server for use by the second server in determining, based on the 

20 first user identification information that is stored in the cache and 

21 on the second user identification information, whether the second 

22 session between the client and the first server should be 

23 established, and if so, authorizing the second session between the 

24 client and the first server. 
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